Information Security Director

JOB TITLE & JOB CODE

Job Title (Job code): Information Security Director

PURPOSE OF THE JOB

• The Information Security Director is responsible for defining implementing and continuously improving Alstoms global security strategy across Digital Services.
• This role ensures the Confidentiality Integrity and Availability of digital assets and aligns security initiatives with business objectives and regulatory requirements.
• This end-to-end strategic position encompasses the governance and identification of cybersecurity risks the protection of Alstom digital assets the detection of security events and the response to security incidents.

ORGANISATION

Organisation structure (job belongs to..)

DIGITAL SERVICES

Reports directly to:

Group Chief Information Security Officer

Other reporting to:

Dotted line reporting Position title if any

Direct reports: head of the following activities:

• Governance Risk and Compliance
• Cybersecurity Projects/Programs
• Cybersecurity Architecture & Solutions
• Security into Projects
• Identity and Access Management
• Security Operations Center
• Product Security Service Center

Network & Links Position title of connected positions / functional report

Internal

• Business Process Solutions
• Operations Center
• IT Infrastructures
• Data and AI
• Digital Platforms
• Business Lines

External

• Service providers
• Technology vendors
• Regulatory bodies (e.g. ANSSI)

MAIN RESPONSABILITIES

Describe here main information such as accountabilities authorities performance measurements etc.

Strategic Leadership

• Define and maintain Alstoms Information Security mission vision strategy and roadmap in coordination with the Group CISO.
• Align Information Security initiatives with Corporate objectives and Digital Transformation programs.
• Contribute to global security governance and represent Information Security in executive committees.

Governance Risk Management & Compliance

• Maintain Alstom ISMS policies ensuring compliance with international standards (ISO 27001 NIS 2 and any applicable regulation).
• Oversee Digital Services Cybersecurity Risk Management including Security Debt Management Security Validation and Third Parties Risk Management.
• Improve Alstom Information Security awareness and culture.
• Animate the global network of Security correspondents.

Projects/Programs/Crisis

• Deliver Information Security project and program portfolio on time on budget and on quality.
• Lead the Information Security roadmap and budget management.
• Ensure the Information Security Crisis processes and procedures are up to date and organization readiness.

Security into Projects

• Oversee all Digital Services and Business led projects to ensuring compliance to Alstom ISMS requirements.
• Perform projects risk assessments including Sensitivity assessment Risk identification and recommendations with required measures.

Architecture & Solutions

• Ensure Cybersecurity Solutions meet required efficiency and performance to mitigate the evolving threat landscape.
• Supervise the design and deployment of secure architectures for IT and Industrial environments (labs and shopfloors).
• Drive adoption of security patterns and standards across projects and platforms.
• Manage the PKI Services.

Identity & Access Management (IAM)

• Oversee and manage IAM for Mission and Business Critical Applications.
• Manage the Alstom Identity and Access Governance solution (passport).
• Manage the Alstom B2B IAM solution.
• Oversee the Privilege Access Management including privilege access platform and PAM processes.

Security Operations

• Lead global Information Security Operations including SOC VOC Threat Intelligence and endpoint security.
• Ensure robust security event detection incident response and reaction.
• Lead the Risk Based Vulnerability Management activities (RBVM).
• Proactively identify threats relevant in Alstom environment.
• Monitor KPIs and implement continuous improvement plans for security services.

Product Security Service Center

• Deliver Vulnerability Assessment and Pen Tests (VAPT) Services for Alstom Products and Projects.
• Manage and maximize adoption of the Alstom Static Code Analysis solution (SCA).
• Lead the global Product and Solution Incident Response Team (PSIRT).
• Lead the NIDS competency center for Railway projects.

People & Stakeholder Management

• Build and mentor a high-performing Security team across multiple geographies.
• Foster collaboration with IT domains transverse functions and business stakeholders.
• Promote cybersecurity awareness and training programs across the organization.

MAIN REQUIRED COMPETENCES

Educational Requirements Describe the minimum educational requirement/level

Mandatory:

• Masters degree in Information Security Computer Science or related field
• Fluent in English

Desirable:

• Certifications: CISSP CISM or equivalent

Experience Describe the knowledge and experience required for this role

Mandatory:

• 15 years in cybersecurity roles
• Proven experience in managing global programs and teams

Desirable:

• Knowledgeable of identity governance IAM PKI
• SOC management
• Outsourcing and supplier management

Competencies & Skills Describe the needed skills (technical & behavioral)

• Security Architecture
• Security Operations
• Risk Management
• Familiarity with ISO 27001 and NIST frameworks
• Soft Skills: Strategic thinking leadership communication stakeholder engagement